Eight Rights of Individuals Under GDPR: Understanding Your Rights

As a marketer, one of the important changes I have made is to understand how the eight rights of individuals under GDPR impact the way I collect, store, and use personal data. I also advise clients I work with to take note of these rights and ensure their data practices are aligned with GDPR regulations.

The General Data Protection Regulation (GDPR) is a law that helps protect people’s personal information and ensures businesses handle data responsibly. Whether you are an employee, employer, or professional in any field, understanding your rights and duties under GDPR is important in today’s digital world.

It is a strong set of rules that protects your personal information in many areas of life. This guide explains your rights with simple examples to help you see how data protection works in everyday situations.

Before I talk about your specific rights under GDPR, let’s go over the main ideas behind it:

  • Fair and Clear Use: Personal information must be handled legally and fairly. Companies should clearly explain how they collect, use, and store your data.
  • Clear Purpose: Organisations should only collect your data for specific and clear reasons. They can’t use it for anything else without your agreement.
  • Only What’s Needed: Businesses should only collect the information they truly need to do their job.
  • Keeping It Correct: Your data should always be accurate and up to date. Any mistakes must be fixed or deleted quickly.
  • Not Keeping Data Too Long: Companies shouldn’t hold on to your personal information longer than necessary. Once it’s no longer needed, it should be deleted.
  • Protecting Your Data: Your information should be kept safe from being lost, stolen, or used without permission.

These basic ideas make sure your personal data is handled responsibly.

What does GDPR Stand for?

GDPR stands for General Data Protection Regulation. It’s a law that helps protect your personal information, like your name, address, or even what you do online.

GDPR is a data privacy law made by the European Union in May 2018 to protect people’s personal information and privacy.

It gives you, as an individual living in the EU and the European Economic Area (EEA), the right to control how your data is used. As a marketer, I take this law very seriously.

The goal is to make sure that companies and organizations use your data safely and responsibly, and that you have control over how your information is used.

Under GDPR, you have the right to know what data is being collected about you, ask for a copy of it, correct any mistakes, and even ask for it to be deleted in some cases. It’s there to protect your privacy and make sure your data is handled properly.

What are the eight rights that individuals have under GDPR?

Now that I’ve provided a brief overview of what GDPR is, I can go on to explain the eight rights individuals have under data protection laws.

The 8 rights under GDPR are:

  • Right to Be Informed
    You have the right to know how your personal data is being used, why it’s collected, and who will see it.
  • Right of Access
    You can ask for a copy of the personal data a company holds about you and see how they’re using it.
  • Right to Rectification
    If your information is wrong or missing, you can ask for it to be corrected.
  • Right to Erasure (Right to Be Forgotten)
    You can ask for your personal data to be deleted if it’s no longer needed or if you don’t want it to be used anymore.
  • Right to Restrict Processing
    You can ask a company to stop using your data for certain things, but they can still keep it.
  • Right to Data Portability
    You can get your personal data in a format that you can easily move to another company if you want to.
  • Right to Object
    You can say no if a company is using your data for things like marketing or if they have no good reason for using it.
  • Rights in Automated Decision-Making
    You are protected from decisions made only by machines or computers, and you can ask for a human to review the decision.

Your Rights Under GDPR

Before I explain each right, it’s important to remember that GDPR gives you strong control over how your personal data is used.

Here’s a breakdown of your rights:

1. Right to Be Informed

Organizations must be transparent about the data they collect about you and how it is used, shared, and stored.

You have the right to know:

  • What personal information is collected about you
  • Why it’s being collected
  • How long it will be kept
  • Who can access it
  • The legal reason for using it

Organizations must give you this information clearly and in plain language so it’s easy to understand.

Examples

  • At Work: HR must explain why they track your performance, how long they keep records, and who can see them.
  • In Healthcare: Hospitals should tell you how your medical records are used, shared, or used in research.
  • Online Services: Streaming apps need to explain how they use your watch history, personal preferences, and algorithms for recommendations.

What You Should Know:

  • Organizations must explain what data they collect and why.
  • Information should be simple and easy to understand.
  • This applies to all sectors, like jobs, healthcare, banking, and online services.

2. Right of Access

You have the right to ask organizations for a copy of the personal information they hold about you, like your work performance records, bank transaction details, or phone and internet usage history.

You can ask for:

  • A copy of all the personal data a company holds about you
  • Details on how your data is being used
  • A free first copy of your data (extra copies may cost a small fee)

Companies must respond to your request within one month.

Examples to look at:

  • At Work: You can ask for copies of performance reviews, training records, or emails about you.
  • Banking: Customers can request their transaction records, credit reports, or personal data used in decisions.
  • Telecommunications: Mobile users can ask for call records, complaint logs, or stored personal details.

What You Can’t Ask For:

  • Company secrets or strategies.
  • Data about someone else.

3. Right to Rectification

You can ask to fix wrong personal information, like correcting a misspelled name on your work papers or fixing mistakes in your medical records.

If the information a company has about you is wrong or incomplete, you can:

  • Ask them to correct it
  • Provide missing details to complete it

They must fix the issue within one month.

Examples

  • At Work: Update misspelled names, wrong job details, or inaccurate reviews.
  • In School: Fix grades, update your address, or correct scholarship details.
  • In Healthcare: Correct errors in your medical history or update your contact information.

Limits:

  • You can’t change opinions or accurate records made in good faith.

4. Right to Erasure (Right to Be Forgotten)

The right to erasure, or “the right to be forgotten,” lets you ask for your personal data to be deleted.

You can ask a company to remove things like your social media history, old loan applications, and job application data.

You can ask for your data to be deleted if:

  • It’s no longer needed for its original purpose
  • You no longer give permission for it to be used
  • The data has been used unlawfully
  • Deletion is required by law

This right isn’t absolute, meaning there are some situations where they may not delete the data (e.g., for legal or public interest reasons).

Examples

  • At Work: Request to delete old training files or recruitment records after you’ve left.
  • Online: Remove your shopping history, search records, or old social media accounts.
  • Banking: Erase closed account details or outdated credit records.

Limits:

  • Some data, like legal or employment records, can’t be erased.

5. Right to Restrict Processing

You can ask companies to temporarily stop using your personal data in certain situations, like during a disagreement at work, in healthcare, or with insurance.

You can ask a company to stop using your data in certain cases:

  • If the data is incorrect, and you want it fixed first
  • If the data was used unlawfully, but you don’t want it deleted
  • If you still need the data for legal reasons even though the company doesn’t
  • While your objections to the data’s use are being reviewed

When processing is restricted, the company can keep your data but not use it without your permission.

Examples

  • At Work: You can ask your employer to temporarily stop using your performance data if there’s a disagreement or review going on.
  • In Healthcare: You can request that your medical records aren’t shared while you’re disputing a treatment decision.
  • With Insurance: You can pause the processing of your claim if it’s under review.

What You Can’t Do:

  • You can’t completely stop the organization from managing data that is essential for its operations.

6. Right to Data Portability

This right lets you move your personal data from one service to another.

For instance, you can transfer your job history, bank records, or health app data to another platform.

You can:

  • Get your personal data in a readable format (e.g., a file you can use)
  • Move your data to another company easily
  • Ask for your data to be transferred directly to another company (if possible)

This applies to data handled electronically and with your consent.

Examples of what you can do:

  • At Work: Move your job profile or recommendations to a new platform.
  • Banking: Transfer transaction details or investment records to a new bank.
  • Fitness Apps: Export workout, health, or nutrition data to a different app.

Limits:

  • Only applies to digital data collected with your permission.

7. Right to Object

You can say no to certain ways your data is being used, especially for things like unwanted ads, tracking at work, or research data collection.

You can say no to your data being used for:

  • Direct marketing (e.g., ads and promotions)
  • Tasks based on public or business interests
  • Research or statistics.

The company must stop unless they have a strong reason that outweighs your objection.

What you can do with this right

  • Marketing: You can stop companies from using your data for ads or targeted promotions.
  • At Work: You can challenge unnecessary monitoring or data collection that isn’t essential for your job.
  • In Research: You can object to your data being used in studies, even if it’s anonymized.

8. Rights Related to Automated Decisions

You have the right to contest automated decision-making (including profiling) that significantly affects you (such as AI in recruitment or credit scoring).

Your rights here concern:

  • Profiling (e.g., categorizing you based on your data)
  • Important decisions made automatically.

You can:

  • Ask for a person to review the decision
  • Challenge the outcome
  • Share your opinion
  • Request an explanation of how the decision was made

These rights ensure you stay in control of your personal data and how it’s used.

Things to know about this right:

  • At Work: You can question decisions made by computers, like who gets hired or how your work is judged.
  • Loans: If a computer says no to your loan, you can ask a person to look at it.
  • Insurance: You can disagree with decisions about prices or claims made only by computers.

Conclusion

GDPR is an important step in protecting your privacy online and anywhere. By learning your data protection rights and responsibilities, you can take control of your personal data and make sure it’s used properly and fairly.

Remember: Protecting data is a responsibility for everyone—individuals, employers, and organizations.

Disclaimer: This guide gives general information and is not legal advice. Always talk to a legal expert for advice on your situation.
